DNS server address 8.8.8.8 is a public DNS server known to Tunnelblick but is not being routed through the VPN

[skirm...@gmail.com]

After some time being connected Tunnelblick highlights one or more problems with DNS:

DNS server address 8.8.8.8 is a public DNS server known to Tunnelblick but is not being routed through the VPN

DNS server address 8.8.4.4 is a public DNS server known to Tunnelblick but is not being routed through the VPN

Possibly this is an OpenVPN issue, I haven't been able to find documentation on it.

My MacOS network settings are: DHCP with manual address, no manual DNS entries.

*Tunnelblick: macOS 10.10.5 (14F2511); Tunnelblick 3.8.0 (build 5370); prior version 3.7.9a (build 5321); Admin user

git commit c6c984efbc7c7d803728e6299fd40da488bb344e

Configuration AU Melbourne TCP 443

"Sanitized" condensed configuration file for /Users/SANITIZED/Library/Application Support/Tunnelblick/Configurations/AU Melbourne TCP 443.tblk:

client

dev tun

proto tcp

remote 168.1.99.252 443

resolv-retry infinite

nobind

persist-key

persist-tun

cipher bf-cbc

auth sha1

tls-client

remote-cert-tls server

auth-user-pass

compress

verb 1

reneg-sec 0

<crl-verify>

-----BEGIN X509 CRL-----

[Lines that appear to be security-related have been omitted]

-----END X509 CRL-----

</crl-verify>

<ca>

[Security-related line(s) omitted]

</ca>

disable-occ

================================================================================

Files in AU Melbourne TCP 443.tblk:

      Contents/Resources/ca.crt

      Contents/Resources/ca.….crt

      Contents/Resources/config.ovpn

      Contents/Resources/crl.pem

      Contents/Resources/crl….pem

================================================================================

Configuration preferences:

-skipWarningThatNotUsingSpecifiedOpenVPN = 1

autoConnect = 1

-onSystemStart = 0

-resetPrimaryInterfaceAfterUnexpectedDisconnect = 0

-routeAllTrafficThroughVpn = 1

-runMtuTest = 0

-keychainHasUsernameAndPassword = 1

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0

-keepConnected = 1

-doNotDisconnectOnSleep = 0

-doNotDisableIpv6onTun = 0

-disableNetworkAccessAfterUnexpectedDisconnect = 0

-lastConnectionSucceeded = 1

-tunnelDownSoundName = None

================================================================================

Wildcard preferences:

================================================================================

Program preferences:

placeIconInStandardPositionInStatusBar = 1

launchAtNextLogin = 1

notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0

tunnelblickVersionHistory = (

    "3.8.0 (build 5370)",

    "3.7.9a (build 5321)",

    "3.7.9 (build 5320)",

    "3.7.8 (build 5180)",

    "3.7.7 (build 5150)",

    "3.7.6a (build 5080)",

    "3.7.5a (build 5011)",

    "3.7.5 (build 5010)",

    "3.7.4b (build 4921)",

    "3.7.4a (build 4920)"

)

statusDisplayNumber = 0

lastLaunchTime = 585524116.015599

showConnectedDurations = 1

lastLanguageAtLaunchWasRTL = 0

connectionWindowDisplayCriteria = showWhenConnecting

maxLogDisplaySize = 102400

lastConnectedDisplayName = AU Melbourne TCP 443

keyboardShortcutIndex = 1

updateCheckAutomatically = 1

NSWindow Frame ConnectingWindow = 525 518 389 187 0 0 1440 877 

NSWindow Frame SUStatusFrame = 520 562 400 129 0 0 1440 877 

NSWindow Frame SUUpdateAlert = 410 364 620 392 0 0 1440 877 

detailsWindowFrameVersion = 5370

detailsWindowFrame = {{94, 339}, {920, 467}}

detailsWindowLeftFrame = {{0, 0}, {167, 350}}

detailsWindowViewIndex = 0

detailsWindowConfigurationsTabIdentifier = log

leftNavSelectedDisplayName = AU Melbourne TCP 443

AdvancedWindowTabIdentifier = sounds

haveDealtWithOldTunTapPreferences = 1

haveDealtWithOldLoginItem = 1

haveDealtWithAfterDisconnect = 1

SUEnableAutomaticChecks = 1

SUFeedURL = https://www.tunnelblick.net/appcast-s.rss

SUScheduledCheckInterval = 86400

SUSendProfileInfo = 0

SULastCheckTime = 2019-07-23 22:04:27 +0000

SUHasLaunchedBefore = 1

WebKitDefaultFontSize = 16

WebKitStandardFont = Times

userAgreementVersionAgreedTo = 1

askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

haveDealtWithSparkle1dot5b6 = 1

updateSendProfileInfo = 0

================================================================================

Tunnelblick Log:

2019-07-24 14:15:25.818365 *Tunnelblick: macOS 10.10.5 (14F2511); Tunnelblick 3.8.0 (build 5370); prior version 3.7.9a (build 5321)

2019-07-24 14:15:26.271424 *Tunnelblick: Attempting connection with AU Melbourne TCP 443 using shadow copy; Set nameserver = 769; monitoring connection

2019-07-24 14:15:26.272329 *Tunnelblick: openvpnstart start AU\ Melbourne\ TCP\ 443.tblk 54410 769 0 1 0 1098544 -ptADGNWradsgnw 2.4.7-openssl-1.0.2r

2019-07-24 14:15:26.288548 *Tunnelblick: openvpnstart starting OpenVPN

2019-07-24 14:15:26.506134 OpenVPN 2.4.7 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Jul 19 2019

2019-07-24 14:15:26.506161 library versions: OpenSSL 1.0.2r  26 Feb 2019, LZO 2.10

2019-07-24 14:15:26.507122 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:54410

2019-07-24 14:15:26.507144 Need hold release from management interface, waiting...

2019-07-24 14:15:26.896924 *Tunnelblick: openvpnstart log:

     OpenVPN started successfully.

     Command used to start OpenVPN (one argument per displayed line):

          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.7-openssl-1.0.2r/openvpn

          --daemon

          --log /Library/Application Support/Tunnelblick/Logs/-SUsers-SSANITIZED-SLibrary-SApplication Support-STunnelblick-SConfigurations-SAU Melbourne TCP 443.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1098544.54410.openvpn.log

          --cd /Library/Application Support/Tunnelblick/Users/SANITIZED/AU Melbourne TCP 443.tblk/Contents/Resources

          --machine-readable-output

          --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5370 3.8.0 (build 5370)"

          --verb 3

          --config /Library/Application Support/Tunnelblick/Users/SANITIZED/AU Melbourne TCP 443.tblk/Contents/Resources/config.ovpn

          --setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Users/SANITIZED/AU Melbourne TCP 443.tblk/Contents/Resources

          --verb 3

          --cd /Library/Application Support/Tunnelblick/Users/SANITIZED/AU Melbourne TCP 443.tblk/Contents/Resources

          --management 127.0.0.1 54410 /Library/Application Support/Tunnelblick/olneechcmkdphbbchdfikgjhdddndggjloegpidj.mip

          --management-query-passwords

          --management-hold

          --redirect-gateway def1

          --script-security 2

          --route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

          --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2019-07-24 14:15:26.971089 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:54410

2019-07-24 14:15:27.015514 MANAGEMENT: CMD 'pid'

2019-07-24 14:15:27.015574 MANAGEMENT: CMD 'auth-retry interact'

2019-07-24 14:15:27.015590 MANAGEMENT: CMD 'state on'

2019-07-24 14:15:27.015602 MANAGEMENT: CMD 'state'

2019-07-24 14:15:27.015626 MANAGEMENT: CMD 'bytecount 1'

2019-07-24 14:15:27.016036 *Tunnelblick: Established communication with OpenVPN

2019-07-24 14:15:27.024122 *Tunnelblick: >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info

2019-07-24 14:15:27.027027 MANAGEMENT: CMD 'hold release'

2019-07-24 14:15:27.048475 *Tunnelblick: Obtained VPN username and password from the Keychain

2019-07-24 14:15:27.049575 MANAGEMENT: CMD 'username "Auth" “SANITIZED”’

2019-07-24 14:15:27.049642 MANAGEMENT: CMD 'password [...]'

2019-07-24 14:15:27.049933 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2019-07-24 14:15:27.050709 TCP/UDP: Preserving recently used remote address: [AF_INET]168.1.99.252:443

2019-07-24 14:15:27.050780 Socket Buffers: R=[131072->131072] S=[131072->131072]

2019-07-24 14:15:27.050794 Attempting to establish TCP connection with [AF_INET]168.1.99.252:443 [nonblock]

2019-07-24 14:15:27.050803 MANAGEMENT: >STATE:1563941727,TCP_CONNECT,,,,,,

2019-07-24 14:15:28.051971 TCP connection established with [AF_INET]168.1.99.252:443

2019-07-24 14:15:28.051998 TCP_CLIENT link local: (not bound)

2019-07-24 14:15:28.052006 TCP_CLIENT link remote: [AF_INET]168.1.99.252:443

2019-07-24 14:15:28.052040 MANAGEMENT: >STATE:1563941728,WAIT,,,,,,

2019-07-24 14:15:28.411310 MANAGEMENT: >STATE:1563941728,AUTH,,,,,,

2019-07-24 14:15:28.411389 TLS: Initial packet from [AF_INET]168.1.99.252:443, sid=2ebc939e 6bda390c

2019-07-24 14:15:28.411491 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

2019-07-24 14:15:28.491679 VERIFY OK: depth=1, C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, emailAddress=sec...@privateinternetaccess.com

2019-07-24 14:15:28.491852 VERIFY KU OK

2019-07-24 14:15:28.491866 Validating certificate extended key usage

2019-07-24 14:15:28.491870 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

2019-07-24 14:15:28.491874 VERIFY EKU OK

2019-07-24 14:15:28.491877 VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=8874b53a0d8c54ca96bb3f33ec72f37d, name=8874b53a0d8c54ca96bb3f33ec72f37d

2019-07-24 14:15:29.454235 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

2019-07-24 14:15:29.454274 [8874b53a0d8c54ca96bb3f33ec72f37d] Peer Connection Initiated with [AF_INET]168.1.99.252:443

2019-07-24 14:15:30.553565 MANAGEMENT: >STATE:1563941730,GET_CONFIG,,,,,,

2019-07-24 14:15:30.553659 SENT CONTROL [8874b53a0d8c54ca96bb3f33ec72f37d]: 'PUSH_REQUEST' (status=1)

2019-07-24 14:15:30.589769 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,comp-lzo no,route 10.30.1.1,topology net30,ifconfig 10.30.1.14 10.30.1.13,auth-token'

2019-07-24 14:15:30.589961 OPTIONS IMPORT: timers and/or timeouts modified

2019-07-24 14:15:30.589974 OPTIONS IMPORT: compression parms modified

2019-07-24 14:15:30.589980 OPTIONS IMPORT: --ifconfig/up options modified

2019-07-24 14:15:30.589984 OPTIONS IMPORT: route options modified

2019-07-24 14:15:30.589988 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

2019-07-24 14:15:30.590168 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key

2019-07-24 14:15:30.590181 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).

2019-07-24 14:15:30.590189 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication

2019-07-24 14:15:30.590235 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key

2019-07-24 14:15:30.590264 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).

2019-07-24 14:15:30.590272 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication

2019-07-24 14:15:30.590277 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.

2019-07-24 14:15:30.590646 Opened utun device utun0

2019-07-24 14:15:30.590741 MANAGEMENT: >STATE:1563941730,ASSIGN_IP,,10.30.1.14,,,,

2019-07-24 14:15:30.590788 /sbin/ifconfig utun0 delete

                           ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address

2019-07-24 14:15:30.594404 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure

2019-07-24 14:15:30.594443 /sbin/ifconfig utun0 10.30.1.14 10.30.1.13 mtu 1500 netmask 255.255.255.255 up

2019-07-24 14:15:30.596775 /sbin/route add -net 168.1.99.252 192.168.1.1 255.255.255.255

                           add net 168.1.99.252: gateway 192.168.1.1

2019-07-24 14:15:30.600730 /sbin/route add -net 0.0.0.0 10.30.1.13 128.0.0.0

                           add net 0.0.0.0: gateway 10.30.1.13

2019-07-24 14:15:30.603819 /sbin/route add -net 128.0.0.0 10.30.1.13 128.0.0.0

                           add net 128.0.0.0: gateway 10.30.1.13

2019-07-24 14:15:30.605696 MANAGEMENT: >STATE:1563941730,ADD_ROUTES,,,,,,

2019-07-24 14:15:30.605764 /sbin/route add -net 10.30.1.1 10.30.1.13 255.255.255.255

                           add net 10.30.1.1: gateway 10.30.1.13

                           14:15:30 *Tunnelblick:  **********************************************

                           14:15:30 *Tunnelblick:  Start of output from client.up.tunnelblick.sh

                           14:15:32 *Tunnelblick:  Disabled IPv6 for 'RCM_DONGLE'

                           14:15:32 *Tunnelblick:  Retrieved from OpenVPN: name server(s) [ 209.222.18.222 209.222.18.218 ], search domain(s) [ ] and SMB server(s) [ ] and using default domain name [ openvpn ]

                           14:15:32 *Tunnelblick:  Not aggregating ServerAddresses because running on macOS 10.6 or higher

                           14:15:32 *Tunnelblick:  Not replacing search domains 'openvpn' with 'openvpn' because the search domains were set manually, '-allowChangesToManuallySetNetworkSettings' was not selected, and 'Prepend domain name to search domains' was not selected

                           14:15:34 *Tunnelblick:  Saved the DNS and SMB configurations so they can be restored

                           14:15:34 *Tunnelblick:  Changed DNS ServerAddresses setting from '8.8.8.8 8.8.4.4' to '209.222.18.222 209.222.18.218'

                           14:15:34 *Tunnelblick:  Did not change DNS SearchDomains setting of 'openvpn' (but re-set it)

                           14:15:34 *Tunnelblick:  Changed DNS DomainName setting from '' to 'openvpn'

                           14:15:34 *Tunnelblick:  Did not change SMB NetBIOSName setting of ''

                           14:15:34 *Tunnelblick:  Did not change SMB Workgroup setting of ''

                           14:15:34 *Tunnelblick:  Did not change SMB WINSAddresses setting of ''

                           14:15:34 *Tunnelblick:  DNS servers '209.222.18.222 209.222.18.218' will be used for DNS queries when the VPN is active

                           14:15:34 *Tunnelblick:  NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.

                           14:15:34 *Tunnelblick:  Flushed the DNS cache via dscacheutil

                           14:15:34 *Tunnelblick:  /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil

                           14:15:34 *Tunnelblick:  Notified mDNSResponder that the DNS cache was flushed

                           14:15:34 *Tunnelblick:  Notified mDNSResponderHelper that the DNS cache was flushed

                           14:15:34 *Tunnelblick:  Setting up to monitor system configuration with process-network-changes

                           14:15:34 *Tunnelblick:  End of output from client.up.tunnelblick.sh

                           14:15:34 *Tunnelblick:  **********************************************

2019-07-24 14:15:34.181500 Initialization Sequence Completed

2019-07-24 14:15:34.181580 MANAGEMENT: >STATE:1563941734,CONNECTED,SUCCESS,10.30.1.14,168.1.99.252,443,192.168.1.113,53719

2019-07-24 14:15:34.403301 *Tunnelblick: DNS address 209.222.18.218 is being routed through the VPN

2019-07-24 14:15:34.509915 *Tunnelblick: DNS address 209.222.18.222 is being routed through the VPN

2019-07-24 14:15:38.862479 *Tunnelblick: process-network-changes: A system configuration change was ignored

2019-07-24 14:15:44.173073 *Tunnelblick: This computer's apparent public IP address changed from 203.220.170.43 before connection to 196.52.60.76 after connection

2019-07-24 14:16:19.692050 *Tunnelblick: process-network-changes: A system configuration change was ignored

2019-07-24 14:17:19.289617 *Tunnelblick: process-network-changes: A system configuration change was ignored

2019-07-24 14:18:19.969626 *Tunnelblick: process-network-changes: A system configuration change was ignored

2019-07-24 14:18:31.753144 *Tunnelblick: Disconnecting; 'Disconnect all' menu command invoked

2019-07-24 14:18:32.059665 *Tunnelblick: Disconnecting using 'kill'

2019-07-24 14:18:32.216862 event_wait : Interrupted system call (code=4)

2019-07-24 14:18:32.217204 /sbin/route delete -net 10.30.1.1 10.30.1.13 255.255.255.255

                           delete net 10.30.1.1: gateway 10.30.1.13

2019-07-24 14:18:32.219668 /sbin/route delete -net 168.1.99.252 192.168.1.1 255.255.255.255

                           delete net 168.1.99.252: gateway 192.168.1.1

2019-07-24 14:18:32.221441 /sbin/route delete -net 0.0.0.0 10.30.1.13 128.0.0.0

                           delete net 0.0.0.0: gateway 10.30.1.13

2019-07-24 14:18:32.222717 /sbin/route delete -net 128.0.0.0 10.30.1.13 128.0.0.0

                           delete net 128.0.0.0: gateway 10.30.1.13

2019-07-24 14:18:32.224168 Closing TUN/TAP interface

2019-07-24 14:18:32.224371 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun0 1500 1544 10.30.1.14 10.30.1.13 init

                           14:18:32 *Tunnelblick:  **********************************************

                           14:18:32 *Tunnelblick:  Start of output from client.down.tunnelblick.sh

                           14:18:32 *Tunnelblick:  Cancelled monitoring system configuration changes

                           14:18:32 *Tunnelblick:  Restored State:DNS

                           14:18:32 *Tunnelblick:  Restored Setup:DNS

                           14:18:32 *Tunnelblick:  Restored DNS and SMB settings

                           14:18:32 *Tunnelblick:  Re-enabled IPv6 (automatic) for "RCM_DONGLE"

                           14:18:32 *Tunnelblick:  Flushed the DNS cache with dscacheutil -flushcache

                           14:18:32 *Tunnelblick:  Notified mDNSResponder that the DNS cache was flushed

                           14:18:32 *Tunnelblick:  End of output from client.down.tunnelblick.sh

                           14:18:32 *Tunnelblick:  **********************************************

2019-07-24 14:18:32.480268 SIGTERM[hard,] received, process exiting

2019-07-24 14:18:32.480326 MANAGEMENT: >STATE:1563941912,EXITING,SIGTERM,,,,,

2019-07-24 14:18:32.844956 *Tunnelblick: Expected disconnection occurred.

================================================================================

Down log:

14:18:32 *Tunnelblick:  **********************************************

14:18:32 *Tunnelblick:  Start of output from client.down.tunnelblick.sh

14:18:32 *Tunnelblick:  Cancelled monitoring system configuration changes

14:18:32 *Tunnelblick:  Restored State:DNS

14:18:32 *Tunnelblick:  Restored Setup:DNS

14:18:32 *Tunnelblick:  Removed State:SMB

14:18:32 *Tunnelblick:  Restored DNS and SMB settings

14:18:32 *Tunnelblick:  Re-enabled IPv6 (automatic) for "RCM_DONGLE"

14:18:32 *Tunnelblick:  Flushed the DNS cache with dscacheutil -flushcache

14:18:32 *Tunnelblick:  Notified mDNSResponder that the DNS cache was flushed

14:18:32 *Tunnelblick:  End of output from client.down.tunnelblick.sh

14:18:32 *Tunnelblick:  **********************************************

================================================================================

Previous down log:

13:59:16 *Tunnelblick:  **********************************************

13:59:16 *Tunnelblick:  Start of output from client.down.tunnelblick.sh

13:59:16 *Tunnelblick:  Cancelled monitoring system configuration changes

13:59:16 *Tunnelblick:  Restored State:DNS

13:59:16 *Tunnelblick:  Restored Setup:DNS

13:59:16 *Tunnelblick:  Removed State:SMB

13:59:16 *Tunnelblick:  Restored DNS and SMB settings

13:59:16 *Tunnelblick:  Re-enabled IPv6 (automatic) for "RCM_DONGLE"

13:59:16 *Tunnelblick:  Flushed the DNS cache with dscacheutil -flushcache

13:59:16 *Tunnelblick:  Notified mDNSResponder that the DNS cache was flushed

13:59:16 *Tunnelblick:  End of output from client.down.tunnelblick.sh

13:59:16 *Tunnelblick:  **********************************************

================================================================================

Network services:

An asterisk (*) denotes that a network service is disabled.

RCM_DONGLE

Wi-Fi

*Wi-Fi 2

*Bluetooth PAN

Thunderbolt Bridge

Wi-Fi Power (en0): On

================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

options=3<RXCSUM,TXCSUM>

inet6 ::1 prefixlen 128 

inet 127.0.0.1 netmask 0xff000000 

inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 

nd6 options=1<PERFORMNUD>

gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280

stf0: flags=0<> mtu 1280

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

ether 60:f8:1d:a9:91:ec 

inet6 fe80::62f8:1dff:fea9:91ec%en0 prefixlen 64 scopeid 0x4 

inet 192.168.1.113 netmask 0xffffff00 broadcast 192.168.1.255

nd6 options=1<PERFORMNUD>

media: autoselect

status: active

en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500

options=60<TSO4,TSO6>

ether 72:00:06:fe:95:30 

media: autoselect <full-duplex>

status: inactive

en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500

options=60<TSO4,TSO6>

ether 72:00:06:fe:95:31 

media: autoselect <full-duplex>

status: inactive

p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304

ether 02:f8:1d:a9:91:ec 

media: autoselect

status: inactive

awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1452

ether be:c1:18:6c:9d:b3 

inet6 fe80::bcc1:18ff:fe6c:9db3%awdl0 prefixlen 64 scopeid 0x8 

nd6 options=1<PERFORMNUD>

media: autoselect

status: active

bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

options=63<RXCSUM,TXCSUM,TSO4,TSO6>

ether 62:f8:1d:9a:f5:00 

Configuration:

id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0

maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200

root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0

ipfilter disabled flags 0x2

member: en1 flags=3<LEARNING,DISCOVER>

        ifmaxaddr 0 port 5 priority 0 path cost 0

member: en2 flags=3<LEARNING,DISCOVER>

        ifmaxaddr 0 port 6 priority 0 path cost 0

media: <unknown type>

status: inactive

pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33088

utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500

inet6 fe80::f8e6:889:d5b:ce44%utun2 prefixlen 64 scopeid 0xf 

nd6 options=1<PERFORMNUD>

utun1: flags=8050<POINTOPOINT,RUNNING,MULTICAST> mtu 1500

vmnet1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

ether 00:50:56:c0:00:01 

inet 172.16.40.1 netmask 0xffffff00 broadcast 172.16.40.255

vmnet8: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

ether 00:50:56:c0:00:08 

inet 172.16.36.1 netmask 0xffffff00 broadcast 172.16.36.255

================================================================================

Non-Apple kexts that are loaded:

Index Refs Address            Size       Wired      Name (Version) <Linked Against>

   54    0 0xffffff7f80ee7000 0x4f000    0x4f000    at.obdev.nke.LittleSnitch (4354) <5 4 3 1>

   66    2 0xffffff7f80ad3000 0x26000    0x26000    com.sns.driver.SNSArchitectureModel (1.1.5) <65 64 62 7 5 4 3 1>

   71    0 0xffffff7f80e50000 0x10000    0x10000    com.usboverdrive.driver.hid (3.3) <70 37 32 5 4 3>

  117    0 0xffffff7f825ae000 0x5000     0x5000     com.bitgapp.eqMac2Driver (2.0) <85 5 4 3>

  121    1 0xffffff7f80b04000 0x10000    0x10000    com.sns.driver.Xtarget (1.1.2) <66 62 16 7 5 4 3 1>

  122    0 0xffffff7f80fcf000 0x3e000    0x3e000    com.sns.driver.SnsiSCSI (5.2.1) <121 66 65 7 5 4 3 1>

  124    0 0xffffff7f80b17000 0x62000    0x62000    com.paragon-software.kext.VDMounter (4.2) <16 5 4 3 1>

  140    3 0xffffff7f83063000 0x62000    0x62000    org.virtualbox.kext.VBoxDrv (5.1.24) <7 5 4 3 1>

  143    0 0xffffff7f830c5000 0x8000     0x8000     org.virtualbox.kext.VBoxUSB (5.1.24) <140 79 37 7 5 4 3 1>

  144    0 0xffffff7f830cd000 0x5000     0x5000     org.virtualbox.kext.VBoxNetFlt (5.1.24) <140 7 5 4 3 1>

  145    0 0xffffff7f830d2000 0x6000     0x6000     org.virtualbox.kext.VBoxNetAdp (5.1.24) <140 5 4 1>

  197    0 0xffffff7f83131000 0x16000    0x16000    com.github.osxfuse.filesystems.osxfusefs (2.8.3) <7 5 4 3 1>

  217    1 0xffffff7f83147000 0x11000    0x11000    com.vmware.kext.vmci (90.8.1) <12 5 4 3 1>

  218    0 0xffffff7f8318b000 0x15000    0x15000    com.vmware.kext.vmnet (0752.74.38) <217 5 4 3 1>

  219    0 0xffffff7f83158000 0xf000     0xf000     com.vmware.kext.vmx86 (0752.74.38) <7 5 4 3 1>

  220    0 0xffffff7f831a0000 0x6000     0x6000     com.vmware.kext.vmioplug.15.2.1 (15.2.1) <37 5 4 3 1>

================================================================================

Quit Log:

(Not found)

================================================================================

Console Log:

2019-07-24 11:57:08.000000 kernel[0] LS(4354): IdentifiedByStackParsing:/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.7-openssl-1.0.2r/openvpn

2019-07-24 11:57:16.000000 kernel[0] PM response took 147 ms (30638, Tunnelblick)

2019-07-24 12:59:07.000000 kernel[0] LS(4354): IdentifiedByStackParsing:/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.7-openssl-1.0.2r/openvpn

2019-07-24 12:59:17.000000 kernel[0] PM response took 549 ms (30638, Tunnelblick)

2019-07-24 13:57:15.000000 kernel[0] LS(4354): IdentifiedByStackParsing:/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.7-openssl-1.0.2r/openvpn

2019-07-24 13:57:16.000000 kernel[0] PM response took 144 ms (30638, Tunnelblick)

2019-07-24 13:59:07.000000 kernel[0] LS(4354): IdentifiedByStackParsing:/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.7-openssl-1.0.2r/openvpn

2019-07-24 13:59:16.000000 kernel[0] PM response took 452 ms (30638, Tunnelblick)

2019-07-24 14:15:26.000000 kernel[0] LS(4354): IdentifiedByStackParsing:/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.7-openssl-1.0.2r/openvpn

2019-07-24 14:18:32.203032 Tunnelblick[30638] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-SSANITIZED-SAU Melbourne TCP 443-Dtblk-SContents-SResources'

[Tunnelblick developer]

Thanks for reporting this, and special thanks for including the diagnostic info.

To summarize what happens:

You connect, and after some delay (I assume you mean minutes or hours, not just a couple seconds), you see the message about your DNS server 8.8.8.8 not being routed through the VPN.

The diagnostic info you submitted doesn't show that. You probably followed the directions carefully but what the directions don't say is that for a problem like the one you're having is that after connecting is that you should wait until the problem happens before clicking "Copy Diagnostic Info to Clipboard".

So please do that – don't click "Copy Diagnostic Info..." until after you've seen the message about 8.8.8.8 and 8.8.4.4.

2019-07-24 14:15:28.491679 VERIFY OK: depth=1, C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, emailAddress=secure@privateinternetaccess.com

[skirm...@gmail.com]

Thank you for your reply,

Your summary is correct: in this instance the time between connection and the error message appearing was several hours.

The diagnostic information was however, gathered as soon as I received the notification. I'm not certain why this would not be reflected.

I had just woken the machine from sleep when I received the message. Perhaps that is relevant to the content of the diagnostic information?

2019-07-24 14:15:28.491679 VERIFY OK: depth=1, C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, emailAddress=sec...@privateinternetaccess.com

[Tunnelblick developer]

Just woke from sleep - that is certainly relevant to the log contents, and probably to the problem, too.

Since you have the default setting of "Disconnect when computer goes to sleep" and "Reconnect when computer wakes up", Tunnelblick does exactly that, and it clears the log before it does the reconnect.

And the fact that it happened just after waking up sounds like a Tunnelblick bug -- probably checking DNS before the VPN has been fully restored or something like that.

So I thing it is Tunnelblick bug, and the messages

DNS server address 8.8.8.8 is a public DNS server known to Tunnelblick but is not being routed through the VPN

DNS server address 8.8.4.4 is a public DNS server known to Tunnelblick but is not being routed through the VPN

after waking from sleep are probably wrong.

I'll look into it. Thanks again for your report.

[Hasitha]

I have the same issue on Tunnelblick 3.8.1 (build 5400) mac. It also doesn't resolve the DNS properly sometimes.

Is there any workaround for this?

Thanks.

[Tunnelblick developer]

@Hasitha - Please post the diagnostic info obtained by following the instructions at Read Before You Post (https://tunnelblick.net/cBeforeYouPost.html).